From 3ab3f0cf2bfa6c9f61c696bd144b74cad814ee5e Mon Sep 17 00:00:00 2001 From: lilong Date: Thu, 27 Jun 2024 14:17:07 +0800 Subject: [PATCH 1/2] =?UTF-8?q?feat:(REQ-2545)=20=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E5=8E=86=E5=8F=B2=E6=9F=A5=E8=AF=A2=E8=8F=9C=E5=8D=95=E5=92=8C?= =?UTF-8?q?=E9=89=B4=E6=9D=83=E6=8E=A5=E5=8F=A3=EF=BC=8C=E5=90=8C=E6=97=B6?= =?UTF-8?q?=E6=94=AF=E6=8C=81=E6=96=B0=E6=97=A7=E7=89=88=E6=9C=AC=E7=9A=84?= =?UTF-8?q?featureCodes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tyr/client/feign/FeatureResourceApi.java | 7 +- .../model/req/DeleteFeatureResourceReq.java | 21 ++ .../tyr/client/model/req/IdentityAuthReq.java | 6 + ...PageElementFeatureResourceRelationReq.java | 33 ++ .../model/req/PageSaasFeatureResourceReq.java | 10 + .../model/res/SaasFeatureResourceResp.java | 146 ++++++++ .../config/exception/BizResultCode.java | 3 +- .../permission/FeatureResourceController.java | 12 +- .../controller/role/SaasRoleController.java | 37 +- .../service/SaasFeatureResourceService.java | 9 +- ...ElementFeatureResourceRelationService.java | 15 + .../SaasPgroupPermissionRelationService.java | 10 + .../impl/PermissionQueryServiceImpl.java | 107 +++--- .../ProductFeatureRelationServiceImpl.java | 27 +- .../impl/SaasCommonDictServiceImpl.java | 3 +- .../impl/SaasFeatureResourceServiceImpl.java | 97 +++++- ...entFeatureResourceRelationServiceImpl.java | 43 +++ ...asPgroupPermissionRelationServiceImpl.java | 10 + .../service/impl/TyrSaasAuthServiceImpl.java | 329 +++++++++++++++--- 19 files changed, 769 insertions(+), 156 deletions(-) create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/req/DeleteFeatureResourceReq.java create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageElementFeatureResourceRelationReq.java create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SaasFeatureResourceResp.java create mode 100644 tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPageElementFeatureResourceRelationService.java create mode 100644 tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementFeatureResourceRelationServiceImpl.java diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/FeatureResourceApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/FeatureResourceApi.java index ef3833f4..4481c42b 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/FeatureResourceApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/FeatureResourceApi.java @@ -1,12 +1,13 @@ package cn.axzo.tyr.client.feign; import cn.axzo.framework.domain.web.result.ApiResult; +import cn.axzo.tyr.client.model.req.DeleteFeatureResourceReq; +import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq; import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq; import cn.axzo.tyr.client.model.req.ResourceSyncReq; -import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq; -import cn.axzo.tyr.client.model.res.FeatureResourceDetailResp; import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode; import org.springframework.cloud.openfeign.FeignClient; +import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; @@ -44,7 +45,7 @@ public interface FeatureResourceApi { /** 删除菜单/页面/组件 **/ @PostMapping("/api/featureResource/delete") - ApiResult deleteFeatureResource(@RequestParam Long featureId, @RequestParam Long operatorId); + ApiResult deleteFeatureResource(@Validated @RequestParam DeleteFeatureResourceReq req); /** 重排序菜单/页面/组件 **/ diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/DeleteFeatureResourceReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/DeleteFeatureResourceReq.java new file mode 100644 index 00000000..73d74382 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/DeleteFeatureResourceReq.java @@ -0,0 +1,21 @@ +package cn.axzo.tyr.client.model.req; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import javax.validation.constraints.NotNull; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class DeleteFeatureResourceReq { + + @NotNull(message = "featureId不能为空") + private Long featureId; + + @NotNull(message = "operatorId不能为空") + private Long operatorId; +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java index 396e5c4f..7ebfe9cb 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java @@ -65,6 +65,12 @@ public class IdentityAuthReq { @Builder.Default private boolean useCache = true; + /** + * 权限点类型(0:saas_feature,1:saas_feature_resource) + * 为了兼容第三方调用查询用户的权限点,会把新旧权限点都查询出来,灰度端历史版本由使用方传入版本 + */ + private Integer type; + public IdentityAuthRes toEmpty() { IdentityAuthRes result = new IdentityAuthRes(); result.setIdentity(this.getIdentityId()); diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageElementFeatureResourceRelationReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageElementFeatureResourceRelationReq.java new file mode 100644 index 00000000..6d78e100 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageElementFeatureResourceRelationReq.java @@ -0,0 +1,33 @@ +package cn.axzo.tyr.client.model.req; + +import cn.axzo.foundation.dao.support.wrapper.CriteriaField; +import cn.axzo.foundation.dao.support.wrapper.Operator; +import cn.axzo.foundation.page.IPageReq; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class PageElementFeatureResourceRelationReq implements IPageReq { + + @CriteriaField(ignore = true) + Integer page; + + @CriteriaField(ignore = true) + Integer pageSize; + + /** + * 排序:使用示例,createTime__DESC + */ + @CriteriaField(ignore = true) + List sort; + + @CriteriaField(field = "featureResourceUniCode", operator = Operator.IN) + private List featureResourceUniCodes; +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageSaasFeatureResourceReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageSaasFeatureResourceReq.java index 1bf06bda..9cb70535 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageSaasFeatureResourceReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageSaasFeatureResourceReq.java @@ -53,6 +53,16 @@ public class PageSaasFeatureResourceReq implements IPageReq { @CriteriaField(field = "featureType", operator = Operator.IN) private List featureResourceTypes; + @CriteriaField(field = "path", operator = Operator.SW) + private String path; + + /** + * CMS端saas_feature_resource.feature_codes已经废弃,后续其他端也会这样迁移 + * 新的存在saas_page_element_feature_resource_relation + */ + @CriteriaField(ignore = true) + private Boolean needFeatureCodes; + public PageResp toEmpty() { return PageResp.builder() .current(this.getPage()) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SaasFeatureResourceResp.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SaasFeatureResourceResp.java new file mode 100644 index 00000000..d8905e45 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SaasFeatureResourceResp.java @@ -0,0 +1,146 @@ +package cn.axzo.tyr.client.model.res; + +import cn.axzo.tyr.client.model.base.FeatureResourceExtraDO; +import com.baomidou.mybatisplus.annotation.TableField; +import com.baomidou.mybatisplus.extension.handlers.FastjsonTypeHandler; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.Date; +import java.util.Set; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class SaasFeatureResourceResp { + + private Long id; + + private Date createAt; + + private Date updateAt; + + /** + * 资源编码-权限码 + */ + private Set featureCodes; + + /** + * 资源名称 + */ + private String featureName; + + /** + * 资源类型1-菜单 2-页面 3-应用入口 4-组件;5-root节点 + */ + private Integer featureType; + + /** + * 资源所属端 + */ + private String terminal; + + /** + * 组件细分类型 1-跳转子页面 2-跳转公共组件 3-弹出窗口 4-下拉项 5-操作按钮 6-数据卡片 7-站外跳转 + */ + private Integer componentType; + + /** + * 上级资源ID + */ + private Long parentId; + + /** + * 资源ID层级路径, 逗号分隔 + */ + private String path; + + /** + * 展示顺序 + */ + private Integer displayOrder; + + /** + * 资源状态 0-隐藏 1-展示 + */ + private Integer status; + + /** + * 资源图标 + */ + private String icon; + + /** + * 跳转类型 1-站内跳转 2-站外跳转 + */ + private Integer redirectType; + + /** + * 资源跳转URI + */ + private String linkUrl; + + /** + * 路由类型1-PC 2-小程序 3-原生 + */ + private Integer linkType; + + /** + * APP适配参数 + */ + private String linkExt; + + /** + * 小程序id + */ + private Integer appItemId; + + /** + * 资源同步版本 + */ + private Integer syncVersion; + + /** + * 扩展字段 + */ + @TableField(value = "extra", typeHandler = FastjsonTypeHandler.class) + private FeatureResourceExtraDO extra; + + /** + * 授权类型0-全部角色 1-指定角色 + */ + private Integer authType; + + /** + * 子级鉴权类型 0-不鉴权1-鉴权 + */ + private Integer subAuthType; + + /** + * 创建人 + */ + private Long createBy; + + /** + * 更新人 + */ + private Long updateBy; + + /** + * 应用范围(租户类型):1:企业工作台 2;项目工作台 + */ + private Long workspaceType; + + /** + * 最低版本序列,主要支持版本灰度策略 + */ + private Integer version; + + /** + * 唯一编码,用于pre环境菜单同步 + */ + private String uniCode; +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/config/exception/BizResultCode.java b/tyr-server/src/main/java/cn/axzo/tyr/server/config/exception/BizResultCode.java index 07316d28..935536c8 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/config/exception/BizResultCode.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/config/exception/BizResultCode.java @@ -11,7 +11,8 @@ public enum BizResultCode implements IResultCode { CANT_DELETE_ROLE_GROUP("100001", "不能删除角色分组,当前角色分组下有子角色分组"), ROLE_GROUP_NOT_FOUND("100002", "角色分组不存在"), REDIS_ROLE_NOT_NULL("100003", "角色id不能为空"), - REDIS_PRODUCT_NOT_NULL("100004", "产品id不能为空"); + REDIS_PRODUCT_NOT_NULL("100004", "产品id不能为空"), + FEATURE_RESOURCE_NOT_FOUND("100005", "菜单资源不存在"); private String errorCode; private String errorMessage; diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/FeatureResourceController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/FeatureResourceController.java index 02bbfe39..ef63b95b 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/FeatureResourceController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/FeatureResourceController.java @@ -1,12 +1,11 @@ package cn.axzo.tyr.server.controller.permission; -import cn.axzo.basics.common.exception.ServiceException; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.feign.FeatureResourceApi; +import cn.axzo.tyr.client.model.req.DeleteFeatureResourceReq; import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq; import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq; import cn.axzo.tyr.client.model.req.ResourceSyncReq; -import cn.axzo.tyr.client.model.res.FeatureResourceDetailResp; import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode; import cn.axzo.tyr.server.service.FeatureResourceSyncService; import cn.axzo.tyr.server.service.SaasFeatureResourceService; @@ -58,11 +57,10 @@ public class FeatureResourceController implements FeatureResourceApi { } @Override - public ApiResult deleteFeatureResource(Long featureId, Long operatorId) { - throw new ServiceException("暂时不支持删除权限点"); -// log.info("deleteFeatureResource featureId : {}, operatorId : {}", featureId, operatorId); -// featureResourceService.deleteMenuFeature(featureId, operatorId); -// return ApiResult.ok(); + public ApiResult deleteFeatureResource(DeleteFeatureResourceReq req) { + log.info("deleteFeatureResource req : {}", req); + featureResourceService.deleteFeatureResource(req); + return ApiResult.ok(); } @Override diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java index 36f1ce0d..c2f8cabb 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java @@ -35,7 +35,6 @@ import cn.axzo.tyr.client.model.vo.SaasRoleVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO; import cn.axzo.tyr.server.model.PermissionCacheKey; import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao; -import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao; import cn.axzo.tyr.server.repository.entity.SaasRole; import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation; import cn.axzo.tyr.server.service.PermissionCacheService; @@ -52,8 +51,6 @@ import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; import java.util.Collections; @@ -83,8 +80,6 @@ public class SaasRoleController implements TyrSaasRoleApi { @Autowired PermissionCacheService permissionCacheService; @Autowired - private SaasRoleUserRelationDao saasRoleUserRelationDao; - @Autowired private SaasCommonDictService saasCommonDictService; @Autowired private SaasRoleGroupService saasRoleGroupService; @@ -219,7 +214,9 @@ public class SaasRoleController implements TyrSaasRoleApi { // 因为根节点在roleGroup里面没有,都是workspaceTypeCode,描述是放在字典表里 List commonDicts = listRootRole(req); - + if (CollectionUtils.isEmpty(commonDicts)) { + return ApiListResult.ok(); + } List roots = commonDicts.stream() .map(e -> RoleTreeRes.builder() @@ -453,18 +450,32 @@ public class SaasRoleController implements TyrSaasRoleApi { } private List listRootRole(TreeRoleReq req) { - CommonDictQueryReq commonDictQueryReq = CommonDictQueryReq.builder() - .codes(StringUtils.isBlank(req.getWorkspaceTypeCode()) ? null : Lists.newArrayList(req.getWorkspaceTypeCode())) - .scope("role") - .build(); + + List workspaceTypeCodes = StringUtils.isNotBlank(req.getWorkspaceTypeCode()) ? Lists.newArrayList(req.getWorkspaceTypeCode()) + : Lists.newArrayList(); + if (StringUtils.isNotBlank(req.getTerminal())) { - List workspaceTypeCodes = TERMINAL_WORKSPACE_CODES.get(req.getTerminal()); - if (CollectionUtils.isEmpty(workspaceTypeCodes)) { + List terminalWorkspaceTypeCodes = TERMINAL_WORKSPACE_CODES.get(req.getTerminal()); + if (CollectionUtils.isEmpty(terminalWorkspaceTypeCodes)) { return Collections.emptyList(); } - commonDictQueryReq.setCodes(workspaceTypeCodes); + + if (StringUtils.isBlank(req.getWorkspaceTypeCode())) { + workspaceTypeCodes = terminalWorkspaceTypeCodes; + } else { + workspaceTypeCodes = terminalWorkspaceTypeCodes.stream() + .filter(e -> Objects.equals(e, req.getWorkspaceTypeCode())) + .collect(Collectors.toList()); + if (CollectionUtils.isEmpty(workspaceTypeCodes)) { + return Collections.emptyList(); + } + } } + CommonDictQueryReq commonDictQueryReq = CommonDictQueryReq.builder() + .codes(workspaceTypeCodes) + .scope("role") + .build(); return saasCommonDictService.query(commonDictQueryReq); } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasFeatureResourceService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasFeatureResourceService.java index 4bc1172e..1e10c7c4 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasFeatureResourceService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasFeatureResourceService.java @@ -1,10 +1,12 @@ package cn.axzo.tyr.server.service; import cn.axzo.foundation.page.PageResp; +import cn.axzo.tyr.client.model.req.DeleteFeatureResourceReq; import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq; import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq; import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq; import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode; +import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp; import cn.axzo.tyr.server.model.ResourcePermission; import cn.axzo.tyr.server.model.ResourcePermissionQueryDTO; import cn.axzo.tyr.server.repository.entity.SaasFeatureResource; @@ -51,7 +53,10 @@ public interface SaasFeatureResourceService extends IService listByParentIdAndTerminalAndIds(Long parentId, String terminal, List featureIds); - List list(PageSaasFeatureResourceReq param); + List list(PageSaasFeatureResourceReq param); + + PageResp page(PageSaasFeatureResourceReq param); + + void deleteFeatureResource(DeleteFeatureResourceReq param); - PageResp page(PageSaasFeatureResourceReq param); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPageElementFeatureResourceRelationService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPageElementFeatureResourceRelationService.java new file mode 100644 index 00000000..51a9e2f9 --- /dev/null +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPageElementFeatureResourceRelationService.java @@ -0,0 +1,15 @@ +package cn.axzo.tyr.server.service; + +import cn.axzo.foundation.page.PageResp; +import cn.axzo.tyr.client.model.req.PageElementFeatureResourceRelationReq; +import cn.axzo.tyr.server.repository.entity.SaasPageElementFeatureResourceRelation; +import com.baomidou.mybatisplus.extension.service.IService; + +import java.util.List; + +public interface SaasPageElementFeatureResourceRelationService extends IService { + + List list(PageElementFeatureResourceRelationReq param); + + PageResp page(PageElementFeatureResourceRelationReq param); +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPgroupPermissionRelationService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPgroupPermissionRelationService.java index 1c814364..3651d466 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPgroupPermissionRelationService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPgroupPermissionRelationService.java @@ -18,6 +18,8 @@ public interface SaasPgroupPermissionRelationService extends IService list(PagePgroupPermissionRelationReq param); + void delete(DeleteParam param); + @Data @Builder @NoArgsConstructor @@ -40,4 +42,12 @@ public interface SaasPgroupPermissionRelationService extends IService ids; + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java index fc021d8b..29617e7f 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java @@ -29,6 +29,7 @@ import cn.axzo.tyr.client.model.res.FeatureResourceDTO; import cn.axzo.tyr.client.model.res.IdentityAuthRes; import cn.axzo.tyr.client.model.res.NavTreeResp; import cn.axzo.tyr.client.model.res.ProductFeatureResourceResp; +import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp; import cn.axzo.tyr.client.model.res.SaasPermissionRelationRes; import cn.axzo.tyr.client.model.res.TreePermissionResp; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO; @@ -44,7 +45,6 @@ import cn.axzo.tyr.server.repository.dao.ProductModuleDao; import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao; import cn.axzo.tyr.server.repository.dao.SaasPageElementFeatureResourceRelationDao; import cn.axzo.tyr.server.repository.entity.SaasFeatureResource; -import cn.axzo.tyr.server.repository.entity.SaasPageElementFeatureResourceRelation; import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation; import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation; import cn.axzo.tyr.server.service.PermissionQueryService; @@ -63,7 +63,6 @@ import com.google.common.collect.Sets; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Value; @@ -283,8 +282,9 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { return Collections.emptyList(); } - List saasFeatureResources = saasFeatureResourceService.list(PageSaasFeatureResourceReq.builder() + List saasFeatureResources = saasFeatureResourceService.list(PageSaasFeatureResourceReq.builder() .ids(Lists.newArrayList(featureIds)) + .needFeatureCodes(true) .terminal(req.getTerminal()) .sort(Lists.newArrayList("displayOrder__ASC")) .build()); @@ -293,42 +293,18 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { return Collections.emptyList(); } - Map> featureCodes = listFeatureCodes(saasFeatureResources, req); - List treePermissionResps = saasFeatureResources.stream() - .map(e -> TreePermissionResp.builder() - .featureId(e.getId()) - .featureName(e.getFeatureName()) - .featureType(e.getFeatureType()) - .redirectType(e.getRedirectType()) - .linkUrl(e.getLinkUrl()) - .icon(e.getIcon()) - .parentId(e.getParentId()) - .status(e.getStatus()) - .uniCode(e.getUniCode()) - .featureCodes(featureCodes.get(e.getUniCode())) - .build()) + .map(e -> { + TreePermissionResp treePermissionResp = TreePermissionResp.builder().build(); + BeanUtils.copyProperties(e, treePermissionResp); + return treePermissionResp; + }) .collect(Collectors.toList()); // 组装导航树 // 过滤掉隐藏的节点,因为存在某些节点被隐藏,需要把这些节点和子节点给过滤掉 return TreeUtil.buildTree(treePermissionResps, (Function) e -> Objects.equals(DISPLAY_STATUS, e.getStatus())); } - private Map> listFeatureCodes(List saasFeatureResources, - TreePermissionReq req) { - - if (CollectionUtils.isEmpty(saasFeatureResources) || BooleanUtils.isNotTrue(req.isNeedFeatureCodes())) { - return Collections.emptyMap(); - } - - List uniCodes = saasFeatureResources.stream() - .map(SaasFeatureResource::getUniCode) - .collect(Collectors.toList()); - return saasPageElementFeatureResourceRelationDao.listByUniCodeAndTerminal(uniCodes, req.getTerminal()).stream() - .collect(Collectors.groupingBy(SaasPageElementFeatureResourceRelation::getFeatureResourceUniCode, - Collectors.mapping(SaasPageElementFeatureResourceRelation::getPageElementCode, Collectors.toSet()))); - } - private List getProductFeatureRelationByWorkspace(Set workspaceIds) { List servicePkgDetailRes = RpcInternalUtil.rpcListProcessor(() -> servicePkgClient.getServicePkgDetailBySpaceId(workspaceIds), "查询租户的产品", workspaceIds).getData(); @@ -573,6 +549,42 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { return Collections.emptySet(); } + List saasRoleUserV2DTOS = listUserPermission(treePermissionReq, featureIds); + + List workspaceProducts = listWorkspaceProducts(treePermissionReq); + + //免授权 + List authFreeFeatureIds = listNotAuthFeatures(treePermissionReq); + + //取交集确定权限 + return mixFeatureIds(saasRoleUserV2DTOS, workspaceProducts, authFreeFeatureIds); + } + + private List listNotAuthFeatures(TreePermissionReq treePermissionReq) { + PageSaasFeatureResourceReq pageSaasFeatureResourceReq = PageSaasFeatureResourceReq.builder() + .terminal(treePermissionReq.getTerminal()) + .authType(FeatureResourceAuthType.ALL_ROLE.getCode()) + .build(); + return featureResourceService.list(pageSaasFeatureResourceReq).stream() + .map(SaasFeatureResourceResp::getId) + .collect(Collectors.toList()); + } + + private List listWorkspaceProducts(TreePermissionReq treePermissionReq) { + //查询租户产品权限点 + Set workspaceIds = treePermissionReq.getWorkspaceOUPairs().stream() + .map(WorkspaceOUPair::getWorkspaceId) + .collect(Collectors.toSet()); + WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder() + .terminal(treePermissionReq.getTerminal()) + .workspaceIds(workspaceIds) + .featureResourceTypes(treePermissionReq.getFeatureResourceTypes()) + .type(NEW_FEATURE) + .build(); + return workspaceProductService.listWorkspaceProduct(workspaceProductParam); + } + + private List listUserPermission(TreePermissionReq treePermissionReq, List featureIds) { List workspaceOuPairs = treePermissionReq.getWorkspaceOUPairs().stream() .map(e -> ListRoleUserRelationParam.WorkspaceOuPair.builder() .workspaceId(e.getWorkspaceId()) @@ -590,36 +602,9 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { .terminal(treePermissionReq.getTerminal()) .featureIds(featureIds) .build(); - List saasRoleUserV2DTOS = saasRoleUserRelationService.listV2(listRoleUserRelationParam).stream() + return saasRoleUserRelationService.listV2(listRoleUserRelationParam).stream() .filter(e -> e.getSaasRole() != null && CollectionUtils.isNotEmpty(e.getSaasRole().getPermissionRelations())) .collect(Collectors.toList()); - - if (CollectionUtil.isEmpty(saasRoleUserV2DTOS)) { - log.warn("no user role relation found"); - return Collections.emptySet(); - } - //查询租户产品权限点 - Set workspaceIds = treePermissionReq.getWorkspaceOUPairs().stream() - .map(WorkspaceOUPair::getWorkspaceId) - .collect(Collectors.toSet()); - WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder() - .terminal(treePermissionReq.getTerminal()) - .workspaceIds(workspaceIds) - .featureResourceTypes(treePermissionReq.getFeatureResourceTypes()) - .build(); - List workspaceProducts = workspaceProductService.listWorkspaceProduct(workspaceProductParam); - - //免授权 - PageSaasFeatureResourceReq pageSaasFeatureResourceReq = PageSaasFeatureResourceReq.builder() - .terminal(treePermissionReq.getTerminal()) - .authType(FeatureResourceAuthType.ALL_ROLE.getCode()) - .build(); - List authFreeFeatureIds = featureResourceService.list(pageSaasFeatureResourceReq).stream() - .map(SaasFeatureResource::getId) - .collect(Collectors.toList()); - - //取交集确定权限 - return mixFeatureIds(saasRoleUserV2DTOS, workspaceProducts, authFreeFeatureIds); } private List resolveFeatureIds(TreePermissionReq treePermissionReq) { @@ -636,7 +621,7 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { .featureResourceTypes(featureTypes) .build(); return featureResourceService.list(pageSaasFeatureResourceReq).stream() - .map(SaasFeatureResource::getId) + .map(SaasFeatureResourceResp::getId) .collect(Collectors.toList()); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java index 653097ef..9b73479b 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java @@ -1,7 +1,6 @@ package cn.axzo.tyr.server.service.impl; import cn.axzo.basics.common.BeanMapper; -import cn.axzo.framework.auth.domain.TerminalInfo; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; import cn.axzo.thrones.client.saas.ServicePkgClient; @@ -42,7 +41,6 @@ import java.util.concurrent.TimeUnit; import java.util.function.Function; import java.util.stream.Collectors; -import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.NEW_FEATURE; import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData; /** @@ -136,17 +134,18 @@ public class ProductFeatureRelationServiceImpl implements ProductFeatureRelation return ApiResult.ok(Collections.emptyList()); } List list = saasProductModuleFeatureRelationDao.lambdaQuery() - .select(SaasProductModuleFeatureRelation::getFeatureId - ,SaasProductModuleFeatureRelation::getProductModuleId - ,SaasProductModuleFeatureRelation::getDictCode - ,SaasProductModuleFeatureRelation::getDictCodeId - , BaseEntity::getId) + .select(SaasProductModuleFeatureRelation::getFeatureId, + SaasProductModuleFeatureRelation::getProductModuleId, + SaasProductModuleFeatureRelation::getDictCode, + SaasProductModuleFeatureRelation::getDictCodeId, + BaseEntity::getId, + SaasProductModuleFeatureRelation::getType) .in(SaasProductModuleFeatureRelation::getProductModuleId, productIds) .list(); return ApiResult.ok(BeanMapper.copyList(list, ProductFeatureRelationVO.class)); } - + @Override public Map> getByWorkspace(Set workspaceId) { StopWatch stopWatch = StopWatch.create(" get product by workspace"); @@ -217,19 +216,13 @@ public class ProductFeatureRelationServiceImpl implements ProductFeatureRelation .eq(Objects.nonNull(condition.getWorkspaceJoinType()), SaasProductModuleFeatureRelation::getDictCode, condition.getWorkspaceJoinType()) .in(CollectionUtil.isNotEmpty(condition.getFeatureIds()), SaasProductModuleFeatureRelation::getFeatureId, condition.getFeatureIds()) - .eq(Objects.nonNull(condition.getType()), SaasProductModuleFeatureRelation::getType, condition.getType()); + .eq(Objects.nonNull(condition.getType()), SaasProductModuleFeatureRelation::getType, condition.getType()) + .eq(StringUtils.hasLength(condition.getTerminal()), SaasProductModuleFeatureRelation::getTerminal, condition.getTerminal()); + if (!CollectionUtils.isEmpty(condition.getFeatureResourceTypes())) { wrapper.in(SaasProductModuleFeatureRelation::getFeatureType, Lists.transform(condition.getFeatureResourceTypes(), FeatureResourceType::getCode)); } - // 目前只有新版本的CMS端产品配置时才冗余了terminal - if (Objects.equals(NEW_FEATURE, condition.getType()) && StringUtils.hasLength(condition.getTerminal())) { - TerminalInfo terminalInfo = new TerminalInfo(condition.getTerminal()); - if (terminalInfo.isCMS()) { - wrapper.eq(SaasProductModuleFeatureRelation::getTerminal, condition.getTerminal()); - } - } - return this.saasProductModuleFeatureRelationDao.list(wrapper); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasCommonDictServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasCommonDictServiceImpl.java index 9e3729cf..5ca0695c 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasCommonDictServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasCommonDictServiceImpl.java @@ -30,8 +30,7 @@ public class SaasCommonDictServiceImpl implements SaasCommonDictService { private final SaasCommonDictDao commonDictDao; @Override - public List - query(CommonDictQueryReq req) { + public List query(CommonDictQueryReq req) { List list = commonDictDao.lambdaQuery() .eq(Objects.nonNull(req.getScope()), SaasCommonDict::getScope, req.getScope()) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java index 7f603622..0c5ffd69 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java @@ -1,24 +1,30 @@ package cn.axzo.tyr.server.service.impl; import cn.axzo.basics.common.BeanMapper; +import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum; import cn.axzo.basics.common.util.StopWatchUtil; import cn.axzo.basics.common.util.TreeUtil; import cn.axzo.foundation.dao.support.converter.PageConverter; import cn.axzo.foundation.dao.support.mysql.QueryWrapperHelper; +import cn.axzo.foundation.exception.Axssert; import cn.axzo.foundation.page.PageResp; import cn.axzo.framework.domain.web.code.BaseCode; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; import cn.axzo.tyr.client.common.enums.FeatureResourceAuthType; import cn.axzo.tyr.client.common.enums.FeatureResourceStatus; import cn.axzo.tyr.client.common.enums.FeatureResourceType; +import cn.axzo.tyr.client.model.req.DeleteFeatureResourceReq; import cn.axzo.tyr.client.model.req.FeatureComponentSaveReq; import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq; import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq; import cn.axzo.tyr.client.model.req.ModifyPageElementRelationDTO; +import cn.axzo.tyr.client.model.req.PageElementFeatureResourceRelationReq; +import cn.axzo.tyr.client.model.req.PagePgroupPermissionRelationReq; import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq; import cn.axzo.tyr.client.model.res.FeatureResourceDTO; import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode; import cn.axzo.tyr.client.model.res.PageElementBasicDTO; +import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp; import cn.axzo.tyr.server.common.util.Throws; import cn.axzo.tyr.server.model.ResourcePermission; import cn.axzo.tyr.server.model.ResourcePermissionQueryDTO; @@ -26,9 +32,13 @@ import cn.axzo.tyr.server.model.convert.SaasFeatureResourceConvert; import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao; import cn.axzo.tyr.server.repository.entity.SaasFeatureResource; import cn.axzo.tyr.server.repository.entity.SaasPageElement; +import cn.axzo.tyr.server.repository.entity.SaasPageElementFeatureResourceRelation; +import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation; import cn.axzo.tyr.server.repository.mapper.SaasFeatureResourceMapper; import cn.axzo.tyr.server.service.SaasFeatureResourceService; +import cn.axzo.tyr.server.service.SaasPageElementFeatureResourceRelationService; import cn.axzo.tyr.server.service.SaasPageElementService; +import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationService; import cn.azxo.framework.common.utils.StringUtils; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.lang.Assert; @@ -36,9 +46,12 @@ import cn.hutool.core.util.ObjectUtil; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import com.google.common.collect.Lists; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang3.BooleanUtils; +import org.springframework.beans.BeanUtils; import org.springframework.cache.annotation.CacheEvict; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -46,12 +59,14 @@ import org.springframework.transaction.annotation.Transactional; import java.util.Collections; import java.util.Comparator; import java.util.List; +import java.util.Map; import java.util.Objects; import java.util.Set; -import java.util.function.Function; import java.util.stream.Collectors; +import static cn.axzo.tyr.server.config.exception.BizResultCode.FEATURE_RESOURCE_NOT_FOUND; import static cn.axzo.tyr.server.repository.entity.SaasFeatureResource.DEFAULT_WORKSPACE_TYPE; +import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.NEW_FEATURE; /** * 功能资源服务实现 @@ -72,6 +87,8 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl listNavByIds(List featureIds, List featureTypes) { @@ -477,7 +494,7 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl list(PageSaasFeatureResourceReq param) { + public List list(PageSaasFeatureResourceReq param) { return PageConverter.drainAll(pageNumber -> { param.setPage(pageNumber); param.setPageSize(500); @@ -486,7 +503,7 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl page(PageSaasFeatureResourceReq param) { + public PageResp page(PageSaasFeatureResourceReq param) { String parentPath = resolveParentPath(param); if (Objects.nonNull(param.getParentId()) && StringUtils.isBlank(parentPath)) { @@ -499,7 +516,36 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl page = this.page(PageConverter.toMybatis(param, SaasFeatureResource.class), wrapper); - return PageConverter.toResp(page, Function.identity()); + Map> uniCodeFeatureCodeMap = listFeatureCodes(param, page.getRecords()); + + return PageConverter.toResp(page, e -> from(e, uniCodeFeatureCodeMap)); + } + + private SaasFeatureResourceResp from(SaasFeatureResource featureResource, + Map> uniCodeFeatureCodeMap) { + SaasFeatureResourceResp saasFeatureResourceResp = SaasFeatureResourceResp.builder().build(); + BeanUtils.copyProperties(featureResource, saasFeatureResourceResp); + + saasFeatureResourceResp.setFeatureCodes(uniCodeFeatureCodeMap.get(featureResource.getUniCode())); + return saasFeatureResourceResp; + } + + private Map> listFeatureCodes(PageSaasFeatureResourceReq param, + List saasFeatureResources) { + + if (CollectionUtils.isEmpty(saasFeatureResources) || BooleanUtils.isNotTrue(param.getNeedFeatureCodes())) { + return Collections.emptyMap(); + } + + List uniCodes = Lists.transform(saasFeatureResources, SaasFeatureResource::getUniCode); + PageElementFeatureResourceRelationReq pageElementFeatureResourceRelationReq = PageElementFeatureResourceRelationReq.builder() + .featureResourceUniCodes(uniCodes) + .build(); + return saasPageElementFeatureResourceRelationService.list(pageElementFeatureResourceRelationReq) + .stream() + .collect(Collectors.groupingBy(SaasPageElementFeatureResourceRelation::getFeatureResourceUniCode, + Collectors.mapping(SaasPageElementFeatureResourceRelation::getPageElementCode, Collectors.toSet()))); + } private String resolveParentPath(PageSaasFeatureResourceReq param) { @@ -530,4 +576,47 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl deleteFeatureResource = this.list(PageSaasFeatureResourceReq.builder() + .path(featureResource.getPath()) + .build()); + + // 删除自己及自己的子集 + this.updateBatchById(deleteFeatureResource.stream() + .map(e -> { + SaasFeatureResource saasFeatureResource = new SaasFeatureResource(); + saasFeatureResource.setId(e.getId()); + saasFeatureResource.setUpdateBy(param.getOperatorId()); + saasFeatureResource.setIsDelete(TableIsDeleteEnum.DELETE.value); + return saasFeatureResource; + }) + .collect(Collectors.toList())); + + deletePermissionRelations(deleteFeatureResource); + } + + private void deletePermissionRelations(List deleteFeatureResource) { + + PagePgroupPermissionRelationReq pagePgroupPermissionRelationReq = PagePgroupPermissionRelationReq.builder() + .featureIds(Lists.transform(deleteFeatureResource, SaasFeatureResourceResp::getId)) + .type(NEW_FEATURE) + .build(); + List permissionRelations = saasPgroupPermissionRelationService.list(pagePgroupPermissionRelationReq); + + if (CollectionUtils.isEmpty(permissionRelations)) { + return; + } + SaasPgroupPermissionRelationService.DeleteParam deleteParam = SaasPgroupPermissionRelationService.DeleteParam.builder() + .ids(Lists.transform(permissionRelations, SaasPgroupPermissionRelation::getId)) + .build(); + saasPgroupPermissionRelationService.delete(deleteParam); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementFeatureResourceRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementFeatureResourceRelationServiceImpl.java new file mode 100644 index 00000000..abb33ff7 --- /dev/null +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementFeatureResourceRelationServiceImpl.java @@ -0,0 +1,43 @@ +package cn.axzo.tyr.server.service.impl; + +import cn.axzo.foundation.dao.support.converter.PageConverter; +import cn.axzo.foundation.dao.support.mysql.QueryWrapperHelper; +import cn.axzo.foundation.page.PageResp; +import cn.axzo.tyr.client.model.req.PageElementFeatureResourceRelationReq; +import cn.axzo.tyr.server.repository.entity.SaasPageElementFeatureResourceRelation; +import cn.axzo.tyr.server.repository.mapper.SaasPageElementFeatureResourceRelationMapper; +import cn.axzo.tyr.server.service.SaasPageElementFeatureResourceRelationService; +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Service; + +import java.util.List; +import java.util.function.Function; + +@Slf4j +@Service +public class SaasPageElementFeatureResourceRelationServiceImpl extends ServiceImpl + implements SaasPageElementFeatureResourceRelationService { + + @Override + public List list(PageElementFeatureResourceRelationReq param) { + return PageConverter.drainAll(pageNumber -> { + param.setPage(pageNumber); + param.setPageSize(500); + return page(param); + }); + } + + @Override + public PageResp page(PageElementFeatureResourceRelationReq param) { + + QueryWrapper wrapper = QueryWrapperHelper.fromBean(param, SaasPageElementFeatureResourceRelation.class); + wrapper.eq("is_delete", 0); + + IPage page = this.page(PageConverter.toMybatis(param, SaasPageElementFeatureResourceRelation.class), wrapper); + + return PageConverter.toResp(page, Function.identity()); + } +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationServiceImpl.java index 9b8e3049..dd91dcfe 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationServiceImpl.java @@ -11,6 +11,7 @@ import cn.axzo.tyr.server.repository.dao.SaasPgroupPermissionRelationDao; import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation; import cn.axzo.tyr.server.repository.mapper.SaasPgroupPermissionRelationMapper; import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationService; +import cn.hutool.core.collection.CollectionUtil; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; @@ -102,4 +103,13 @@ public class SaasPgroupPermissionRelationServiceImpl return page(param); }); } + + @Override + @Transactional(rollbackFor = Exception.class) + public void delete(DeleteParam param) { + if (CollectionUtil.isEmpty(param.getIds())) { + return; + } + this.removeByIds(param.getIds()); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 4c22051d..931bddad 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -7,6 +7,7 @@ import cn.axzo.pokonyan.util.TraceSupplier; import cn.axzo.thrones.client.saas.ServicePkgClient; import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct; import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes; +import cn.axzo.tyr.client.common.enums.FeatureResourceAuthType; import cn.axzo.tyr.client.common.enums.RoleTypeEnum; import cn.axzo.tyr.client.common.enums.WorkspaceJoinType; import cn.axzo.tyr.client.model.enums.DelegatedType; @@ -21,6 +22,7 @@ import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq; import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq; import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq; import cn.axzo.tyr.client.model.req.OUWorkspacePair; +import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq; import cn.axzo.tyr.client.model.req.PermissionCheckReq; import cn.axzo.tyr.client.model.req.QueryPermissionByIdsReq; import cn.axzo.tyr.client.model.req.QuerySaasRoleReq; @@ -29,7 +31,6 @@ import cn.axzo.tyr.client.model.res.IdentityAuthRes; import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp; import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp; import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp; -import cn.axzo.tyr.client.model.res.SaasPermissionRes; import cn.axzo.tyr.client.model.res.SaasRoleRes; import cn.axzo.tyr.client.model.res.SimplePermissionPointResp; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO; @@ -54,9 +55,11 @@ import cn.axzo.tyr.server.service.PermissionCacheService; import cn.axzo.tyr.server.service.PermissionPointService; import cn.axzo.tyr.server.service.ProductFeatureRelationService; import cn.axzo.tyr.server.service.RoleService; +import cn.axzo.tyr.server.service.SaasFeatureResourceService; import cn.axzo.tyr.server.service.SaasRoleGroupService; import cn.axzo.tyr.server.service.SaasRoleUserRelationService; import cn.axzo.tyr.server.service.TyrSaasAuthService; +import cn.axzo.tyr.server.service.WorkspaceProductService; import cn.axzo.tyr.server.util.KeyUtil; import cn.axzo.tyr.server.utils.RpcExternalUtil; import cn.azxo.framework.common.model.CommonResponse; @@ -98,6 +101,8 @@ import java.util.concurrent.TimeUnit; import java.util.function.Function; import java.util.stream.Collectors; +import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.NEW_FEATURE; +import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.OLD_FEATURE; import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData; import static cn.axzo.tyr.server.util.RpcInternalUtil.rpcListProcessor; @@ -128,6 +133,8 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { private final SaasRoleUserRelationService saasRoleUserRelationService; private final SaasFeatureDao saasFeatureDao; private final SaasProductModuleFeatureRelationDao saasProductModuleFeatureRelationDao; + private final WorkspaceProductService workspaceProductService; + private final SaasFeatureResourceService saasFeatureResourceService; /** * 通过身份查询人员权限 @@ -346,6 +353,54 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { return permissionSet.containsAll(checkCodes); } +// private IdentityAuthRes listAllNotAuthPermission(IdentityAuthReq identityAuthReq) { +// // 目前只有CMS端会同时在saas_feature和saas_feature_resource中使用 +// permissionPointService.queryList(PermissionPointListQueryRequest.builder() +// .delegatedType(DelegatedType.NO_NEED.getCode()) +// .build()); +// +// PageSaasFeatureResourceReq pageSaasFeatureResourceReq = PageSaasFeatureResourceReq.builder() +// .terminal(TerminalInfo.NT_CMS_WEB_GENERAL) +// .authType(FeatureResourceAuthType.ALL_ROLE.getCode()) +// .build(); +// saasFeatureResourceService.list(pageSaasFeatureResourceReq); +// +// Set workspaceIds = identityAuthReq.getWorkspaceOusPairs().stream() +// .map(IdentityAuthReq.WorkspaceOuPair::getWorkspaceId) +// .collect(Collectors.toSet()); +// +// WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder() +// .workspaceIds(workspaceIds) +// .featureIds() +// .build(); +// workspaceProductService.listWorkspaceProduct(workspaceProductParam); +// +// +// IdentityAuthRes result = new IdentityAuthRes(); +// result.setIdentity(identityAuthReq.getIdentityId()); +// result.setIdentityType(identityAuthReq.getIdentityType()); +// result.setPersonId(identityAuthReq.getPersonId()); +// +// List workspacePermissions = identityAuthReq.getWorkspaceOusPairs().stream() +// .map(e -> { +// +// IdentityAuthRes.WorkspacePermission workspacePermission = IdentityAuthRes.WorkspacePermission.builder() +// .workspaceId(e.getWorkspaceId()) +// .ouId(e.getOuId()) +// .build(); +// +// IdentityAuthRes.PermissionPoint.builder() +// .featureCode(e.getCode()) +// .featureId(e.getId()) +// .terminal(e.getTerminal()) +// .build(); +// return workspacePermission; +// }) +// .collect(Collectors.toList()); +// +// result.setPermissions(workspacePermissions); +// return result; +// } private IdentityAuthRes findIdentityAuth(IdentityAuthReq identityAuthReq) { //用户角色关系 @@ -357,19 +412,26 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { Set realWorkspaceId = saasRoleUserRelations.stream().map(SaasRoleUserRelation::getWorkspaceId).collect(Collectors.toSet()); //工作台对应产品 key = workspaceId - CompletableFuture>> workspacePermissionPointFuture = CompletableFuture - .supplyAsync(TraceSupplier.create(() -> productFeatureRelationService.getByWorkspace(realWorkspaceId)), executor); + CompletableFuture> workspacePermissionPointFuture = CompletableFuture + .supplyAsync(TraceSupplier.create(() -> { + WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder() + .workspaceIds(realWorkspaceId) + .type(identityAuthReq.getType()) + .build(); + return workspaceProductService.listWorkspaceProduct(workspaceProductParam); + }), executor); //查询工作台下授予的角色和权限 List owRoles = listRolesWithPermission(saasRoleUserRelations, identityAuthReq); - Map> workspaceProductPermissionMap = workspacePermissionPointFuture.join(); + Map workspaceProductPermissionMap = workspacePermissionPointFuture.join().stream() + .collect(Collectors.toMap(WorkspaceProductService.WorkspaceProduct::getWorkspaceId, Function.identity())); List> futureList = new ArrayList<>(); for (OUWRoleInfo owRoleInfo : owRoles) { // 工作台的产品权限点 - List productFeatureRelationVOS = workspaceProductPermissionMap.get(owRoleInfo.getWorkspaceId()); + WorkspaceProductService.WorkspaceProduct workspaceProduct = workspaceProductPermissionMap.get(owRoleInfo.getWorkspaceId()); //构建每个工作台的实际权限点 - futureList.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> buildPermissions(owRoleInfo, productFeatureRelationVOS)), executor) + futureList.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> buildPermissions(owRoleInfo, workspaceProduct)), executor) .exceptionally(t -> { LogUtil.error("获取角色对应权限失败", t); throw new ServiceException(t); @@ -387,14 +449,14 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { return result; } - private IdentityAuthRes.WorkspacePermission buildPermissions(OUWRoleInfo ouwRoleInfo, List productFeatures) { + private IdentityAuthRes.WorkspacePermission buildPermissions(OUWRoleInfo ouwRoleInfo, WorkspaceProductService.WorkspaceProduct workspaceProduct) { IdentityAuthRes.WorkspacePermission resultPermission = IdentityAuthRes.WorkspacePermission.builder() .workspaceId(ouwRoleInfo.getWorkspaceId()) .ouId(ouwRoleInfo.getOuId()) .build(); - if (CollectionUtil.isEmpty(productFeatures)) { + if (Objects.isNull(workspaceProduct) || CollectionUtil.isEmpty(workspaceProduct.getSaasProductModuleFeatureRelations())) { log.warn("no product features found for workspace :{}", ouwRoleInfo.getWorkspaceId()); return resultPermission; } @@ -405,25 +467,26 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { return resultPermission; } + List productFeatures = workspaceProduct.getSaasProductModuleFeatureRelations(); + // 因为存在同时有saas_feature和saas_feature_resource的权限,所以要返回type,根据type解析code //超管和管理员权限 - Pair> adminPermissions = buildAdminPermission(ouwRoleInfo, productFeatures); + Pair> adminPermissions = buildAdminPermission(ouwRoleInfo, productFeatures); //标准角和自定义角色权限 - Set normalPermissions = buildNormalPermission(ouwRoleInfo, productFeatures); - Set allPermissionIds = new HashSet<>(); - allPermissionIds.addAll(adminPermissions.getValue()); - allPermissionIds.addAll(normalPermissions); + Set normalPermissions = buildNormalPermission(ouwRoleInfo, productFeatures); + Set allPermissions = Sets.newHashSet(); + allPermissions.addAll(adminPermissions.getValue()); + allPermissions.addAll(normalPermissions); //查询权限点及父级权限点 - List allPermissionPoint = permissionPointService.listPermissionByIds( - QueryPermissionByIdsReq.builder() - .ids(allPermissionIds) - .includeParent(true) - .build()); + List allOldPermissionPoint = listOldFeatures(allPermissions); + + List newPermissionPoints = listNewFeatures(allPermissions); + //组装返回值 //是否超管 resultPermission.setSuperAdmin(BooleanUtil.isTrue(adminPermissions.getKey())); //权限数据 - resultPermission.getPermissionPoint().addAll(allPermissionPoint.stream() + resultPermission.getPermissionPoint().addAll(allOldPermissionPoint.stream() .map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder() .featureCode(permissionPointTreeNode.getCode()) .featureId(permissionPointTreeNode.getId()) @@ -431,14 +494,63 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { .build()) .collect(Collectors.toList())); + resultPermission.getPermissionPoint().addAll(newPermissionPoints); return resultPermission; } - private Set buildNormalPermission(OUWRoleInfo userRoleInfoMap, List productFeatures) { + private List listNewFeatures(Set featureWrappers) { + List featureIds = featureWrappers.stream() + .filter(e -> Objects.equals(e.getType(), NEW_FEATURE)) + .map(FeatureWrapper::getFeatureId) + .collect(Collectors.toList()); + + if (CollectionUtils.isEmpty(featureIds)) { + return Collections.emptyList(); + } + + // 因为新版本配置权限点的时候,会在选中某个权限节点时,把所有父节点也冗余到权限里,所以只需要查询权限点信息 + return saasFeatureResourceService.list(PageSaasFeatureResourceReq.builder() + .ids(featureIds) + .needFeatureCodes(true) + .build()) + .stream() + .filter(e -> !CollectionUtils.isEmpty(e.getFeatureCodes())) + .map(e -> + // 兼容历史情况,根据featureCode组装数据 + e.getFeatureCodes().stream() + .map(featureCode -> IdentityAuthRes.PermissionPoint.builder() + .featureCode(featureCode) + .featureId(e.getId()) + .terminal(e.getTerminal()) + .build()) + .collect(Collectors.toList())) + .flatMap(Collection::stream) + .collect(Collectors.toList()); + } + + private List listOldFeatures(Set featureWrappers) { + Set featureIds = featureWrappers.stream() + .filter(e -> Objects.equals(e.getType(), OLD_FEATURE)) + .map(FeatureWrapper::getFeatureId) + .collect(Collectors.toSet()); + + if (CollectionUtils.isEmpty(featureIds)) { + return Collections.emptyList(); + } + + return permissionPointService.listPermissionByIds( + QueryPermissionByIdsReq.builder() + .ids(featureIds) + .includeParent(true) + .build()); + } + + private Set buildNormalPermission(OUWRoleInfo userRoleInfoMap, List productFeatures) { log.info("build permission for ou:{}, workspace:{}", userRoleInfoMap.getOuId(), userRoleInfoMap.getWorkspaceId()); - Set allMatchedProductFeatureIds = new HashSet<>(); - Set allAuthPermissionIds = new HashSet<>(); + Set allMatchedProductFeatures = new HashSet<>(); + Set allAuthFeatures = new HashSet<>(); + //聚合实际授权的权限:角色权限和产品权限交集 for (SaasRoleRes role : userRoleInfoMap.getRoles()) { //跳过超管和管理员 @@ -448,40 +560,89 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { } log.info("build permission for role:{}", role.getId()); - Set rolePermissionIds = Optional.ofNullable(role.getSaasPermissions()) + Set rolePermissions = Optional.ofNullable(role.getPermissionRelations()) .map(e -> e.stream() .filter(Objects::nonNull) - .map(SaasPermissionRes::getId) + .map(f -> FeatureWrapper.builder() + .featureId(f.getFeatureId()) + .type(f.getType()) + .build()) .collect(Collectors.toSet())) .orElseGet(Sets::newHashSet); //角色标签类型匹配产品标签类型 - Set productPermissionIds = productFeatures.stream() + Set productPermissions = productFeatures.stream() .filter(productFeatureRelationVO -> Objects.equals(productFeatureRelationVO.getDictCode(), String.valueOf(role.getProductUnitType()))) - .map(ProductFeatureRelationVO::getFeatureId) + .map(e -> FeatureWrapper.builder() + .featureId(e.getFeatureId()) + .type(e.getType()) + .build()) .collect(Collectors.toSet()); - allMatchedProductFeatureIds.addAll(productPermissionIds); + allMatchedProductFeatures.addAll(productPermissions); // 产品对应权限点 与 角色权限点 取交集 - Collection resultHashAuthPointId = CollectionUtil.intersection(productPermissionIds, rolePermissionIds); + Collection resultHashAuthPointId = CollectionUtil.intersection(productPermissions, rolePermissions); if (CollectionUtil.isNotEmpty(resultHashAuthPointId)) { log.info("add auth permission for role:{}", role.getId()); - allAuthPermissionIds.addAll(resultHashAuthPointId); + allAuthFeatures.addAll(resultHashAuthPointId); } } - if (CollectionUtil.isEmpty(allMatchedProductFeatureIds)) { + if (CollectionUtil.isEmpty(allMatchedProductFeatures)) { log.info("no normal roles found"); - return allAuthPermissionIds; + return allAuthFeatures; } - // 免授权权限点统一处理 - List noNeedPermissionPoint = permissionPointService.queryList(PermissionPointListQueryRequest.builder() - .ids(new ArrayList<>(allMatchedProductFeatureIds)) - .delegatedType(DelegatedType.NO_NEED.getCode()) - .build()); - allAuthPermissionIds.addAll(noNeedPermissionPoint.stream().map(PermissionPointTreeNode::getPermissionPointId).collect(Collectors.toSet())); - return allAuthPermissionIds; + Set newFeatureNoAuth = listNoAuthFeatureResources(allMatchedProductFeatures); + + Set oldFeatureNoAuth = listNoAuthFeatures(allMatchedProductFeatures); + allAuthFeatures.addAll(newFeatureNoAuth); + allAuthFeatures.addAll(oldFeatureNoAuth); + return allAuthFeatures; } - private Pair> buildAdminPermission(OUWRoleInfo userRoleInfoMap, List productFeatures) { + private Set listNoAuthFeatures(Set featureWrappers) { + List featureIds = featureWrappers.stream() + .filter(e -> Objects.equals(e.getType(), OLD_FEATURE)) + .map(FeatureWrapper::getFeatureId) + .collect(Collectors.toList()); + + if (CollectionUtils.isEmpty(featureIds)) { + return Collections.emptySet(); + } + + return permissionPointService.queryList(PermissionPointListQueryRequest.builder() + .ids(featureIds) + .delegatedType(DelegatedType.NO_NEED.getCode()) + .build()) + .stream() + .map(e -> FeatureWrapper.builder() + .featureId(e.getPermissionPointId()) + .type(OLD_FEATURE) + .build()) + .collect(Collectors.toSet()); + } + + private Set listNoAuthFeatureResources(Set featureWrappers) { + List featureIds = featureWrappers.stream() + .filter(e -> Objects.equals(e.getType(), NEW_FEATURE)) + .map(FeatureWrapper::getFeatureId) + .collect(Collectors.toList()); + + if (CollectionUtils.isEmpty(featureIds)) { + return Collections.emptySet(); + } + + PageSaasFeatureResourceReq pageSaasFeatureResourceReq = PageSaasFeatureResourceReq.builder() + .ids(featureIds) + .authType(FeatureResourceAuthType.ALL_ROLE.getCode()) + .build(); + return saasFeatureResourceService.list(pageSaasFeatureResourceReq).stream() + .map(e -> FeatureWrapper.builder() + .featureId(e.getId()) + .type(NEW_FEATURE) + .build()) + .collect(Collectors.toSet()); + } + + private Pair> buildAdminPermission(OUWRoleInfo userRoleInfoMap, List productFeatures) { Boolean superAdmin = false; //超管和管理员角色 List adminRoles = userRoleInfoMap.getRoles().stream() @@ -495,28 +656,45 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { log.info("build admin permission for ou:{}, workspace:{}", userRoleInfoMap.getOuId(), userRoleInfoMap.getWorkspaceId()); //聚合超管和管理员的权限点: 直接取角色标签和产品标签相匹配的权限点 - Set permissionIds = new HashSet<>(); + Set permissions = Sets.newHashSet(); for (SaasRoleRes adminRole : adminRoles) { //超管:查询工作台对应产品,获取权限点, ( 权限点通过单位类型过滤) if (RoleTypeEnum.SUPER_ADMIN.getValue().equals(adminRole.getRoleType())) { superAdmin = true; } //角色标签类型匹配产品标签类型 - Set buttonPermissionPointId = productFeatures.stream() + Set permission = productFeatures.stream() .filter(productFeatureRelationVO -> Objects.equals(productFeatureRelationVO.getDictCode(), String.valueOf(adminRole.getProductUnitType()))) - .map(ProductFeatureRelationVO::getFeatureId) + .map(e -> FeatureWrapper.builder() + .featureId(e.getFeatureId()) + .type(e.getType()) + .build()) .collect(Collectors.toSet()); - if (CollectionUtil.isEmpty(buttonPermissionPointId)) { + if (CollectionUtil.isEmpty(permission)) { log.warn("empty permission for admin role:{}", adminRole.getId()); continue; } log.info("add all permissions for role:{}", adminRole.getId()); - permissionIds.addAll(buttonPermissionPointId); + permissions.addAll(permission); } - return Pair.of(superAdmin, permissionIds); + return Pair.of(superAdmin, permissions); + } + + + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + static class FeatureWrapper { + private Long featureId; + + /** + * 关联类型(0:saas_feature,1:saas_feature_resource) + */ + private Integer type; } private List listRolesWithPermission(List roleUserRelations, IdentityAuthReq identityAuthReq) { @@ -535,7 +713,8 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { //获取角色和关联权限信息 RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder() .roleIds(Lists.newArrayList(roleIds)) - .needPermissionOld(true) + .needPermissionRelation(true) + .type(identityAuthReq.getType()) .build(); Map saasRoleRes = roleService.list(listSaasRoleParam).stream() .collect(Collectors.toMap(SaasRoleRes::getId, Function.identity())); @@ -727,6 +906,13 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { //不走缓存的情况:关闭缓存开关 - 缓存临时禁用 - 请求指明不走缓存 - 角色预览操作 //请求参数去重: ou-workspace req.distinctOUWorkspacePair(); + + // 因为目前只有/yoke/webApi/profile/user/v3/application接口会传入featureId,使用的是app端,所以这里只需要查询saas_feature的权限点 + // 以为下面要根据featureId进行匹配,为了解决saas_feature和saas_feature_resource有冲突的数据,必须给type + if (!CollectionUtils.isEmpty(req.getFeatureId())) { + req.setType(OLD_FEATURE); + } + boolean notUseCache = !req.isUseCache() || CollectionUtil.isNotEmpty(req.getSpecifyRoleIds()) || permissionCacheService.cacheDisable( @@ -1055,6 +1241,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { */ public boolean authPermission(PermissionCheckReq req) { // saas_feature表会被废弃,所以直接查询,没提供统一的查询 + // 会存在灰度用户的情况,接口对应的featureCode分别是saas_feature和saas_feature_resource的权限码 List saasFeatures = saasFeatureDao.lambdaQuery() .in(SaasFeature::getFeatureCode, req.getFeatureCodes()) .eq(SaasFeature::getIsDelete, TableIsDeleteEnum.NORMAL.value) @@ -1102,6 +1289,56 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { return matchNormalRole(saasRoleUserRelations, permissionProducts); } +// private boolean authPermissionNewFeature(PermissionCheckReq req) { +// // saas_feature表会被废弃,所以直接查询,没提供统一的查询 +// // 会存在灰度用户的情况,接口对应的featureCode分别是saas_feature和saas_feature_resource的权限码 +// List saasFeatures = saasFeatureResourceService.lambdaQuery() +// .in(SaasFeature::getFeatureCode, req.getFeatureCodes()) +// .eq(SaasFeature::getIsDelete, TableIsDeleteEnum.NORMAL.value) +// .eq(StringUtils.isNotBlank(req.getTerminal()), SaasFeature::getTerminal, req.getTerminal()) +// .list(); +// if (CollectionUtils.isEmpty(saasFeatures)) { +// log.info("featureCode not found:{}", req.getFeatureCodes()); +// return false; +// } +// +// //用户角色关系,以及对应角色的权限点 +// List saasRoleUserRelations = listRoleUserRelations(req, saasFeatures); +// if (CollectionUtils.isEmpty(saasRoleUserRelations)) { +// return false; +// } +// +// // 查询租户开通的所有产品 +// Set productIds = listProducts(req); +// if (CollectionUtils.isEmpty(productIds)) { +// log.info("product not found:{}", req.getWorkspaceId()); +// return false; +// } +// +// // 查询产品开通的这些权限点的信息 +// List permissionProducts = listPermissionProduct(saasFeatures, productIds); +// if (CollectionUtils.isEmpty(productIds)) { +// log.info("permission product not found:{}", req.getWorkspaceId()); +// return false; +// } +// +// // 是否有免授权的权限码,且在租户开通了这个产品 +// boolean matchedNoNeedAuthFeature = matchNoAuthFeature(saasFeatures, permissionProducts); +// if (BooleanUtil.isTrue(matchedNoNeedAuthFeature)) { +// log.info("has no need auth feature:{}", req.getWorkspaceId()); +// return true; +// } +// +// // 是否有管理员角色,且租户开通了管理员角色的单位类型对应的产品权限码 +// boolean matchedAdminRole = matchAdminRole(saasRoleUserRelations, permissionProducts); +// if (BooleanUtil.isTrue(matchedAdminRole)) { +// log.info("admin role has permission:{}", req.getWorkspaceId()); +// return true; +// } +// +// return matchNormalRole(saasRoleUserRelations, permissionProducts); +// } + private boolean matchNormalRole(List saasRoleUserRelations, List permissionProducts) { List normalRoles = saasRoleUserRelations.stream() From 65b48ba39f4e2c1856f98632601fba613c36cff1 Mon Sep 17 00:00:00 2001 From: lilong Date: Thu, 27 Jun 2024 15:13:16 +0800 Subject: [PATCH 2/2] =?UTF-8?q?feat:(REQ-2545)=20=E8=BF=94=E5=9B=9E?= =?UTF-8?q?=E8=8F=9C=E5=8D=95=E5=A2=9E=E5=8A=A0featureId?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java | 1 + 1 file changed, 1 insertion(+) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java index 29617e7f..4a85e114 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java @@ -297,6 +297,7 @@ public class PermissionQueryServiceImpl implements PermissionQueryService { .map(e -> { TreePermissionResp treePermissionResp = TreePermissionResp.builder().build(); BeanUtils.copyProperties(e, treePermissionResp); + treePermissionResp.setFeatureId(e.getId()); return treePermissionResp; }) .collect(Collectors.toList());